Date: Fri, 22 Jan 2016 09:30:50 -0800
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Daniel Sangorrin <daniel.sangorrin@...hiba.co.jp>
Cc: keescook@...omium.org, luto@...capital.net, wad@...omium.org, linux-kernel@...r.kernel.org, linux-api@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: [RFC PATCH 1/1] seccomp: provide information about the previous syscall

On Fri, Jan 22, 2016 at 03:30:00PM +0900, Daniel Sangorrin wrote:
> This patch allows applications to restrict the order in which
> its system calls may be requested. In order to do that, we
> provide seccomp-BPF scripts with information about the
> previous system call requested.
>
> An example use case consists of detecting (and stopping) return
> oriented attacks that disturb the normal execution flow of
> a user program.
>
> Signed-off-by: Daniel Sangorrin <daniel.sangorrin@...hiba.co.jp>
...
> diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
...
> struct seccomp_data {
> int nr;
> + int prev_nr;
> __u32 arch;
> __u64 instruction_pointer;
> __u64 args[6];

this will break abi for existing seccomp programs.
New field has to be at the end.
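
Review bot: prev_nr is inserted between nr and arch in struct seccomp_data, which moves arch, instruction_pointer and args to new offsets, so a filter already built against the old layout will load the wrong field. Append the new member after args[6] instead. In the placement shown, three 4-byte members would also precede the __u64 instruction_pointer, leaving an implicit 4-byte padding hole on ABIs that align __u64 to 8 bytes. The hunk also carries no comment saying what prev_nr holds before the first system call, which the uapi header should document.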
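
An added illustration of the layout problem raised in the reply, not code from the thread or the kernel: the three structs mirror the fields visible in the quoted hunk, and load_w models a filter's fixed-offset 32-bit load. The names sd_orig, sd_mid, sd_end, load_w and the sample values are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout before the patch (fields as shown in the quoted hunk). */
struct sd_orig { int nr; uint32_t arch;
                 uint64_t instruction_pointer; uint64_t args[6]; };
/* Layout proposed by the patch: prev_nr inserted after nr. */
struct sd_mid  { int nr; int prev_nr; uint32_t arch;
                 uint64_t instruction_pointer; uint64_t args[6]; };
/* Layout the reply asks for: prev_nr appended at the end. */
struct sd_end  { int nr; uint32_t arch;
                 uint64_t instruction_pointer; uint64_t args[6]; int prev_nr; };

/* Offset an existing filter has baked in for its arch check. */
#define ARCH_OFF_OLD offsetof(struct sd_orig, arch)
#define SAMPLE_ARCH  0xAAAA0001u   /* constructed sample value */
#define SAMPLE_PREV  59            /* constructed sample value */

/* Model of a filter's absolute word load: 4 bytes at a fixed offset. */
static uint32_t load_w(const void *data, size_t off)
{
    uint32_t v;
    memcpy(&v, (const unsigned char *)data + off, sizeof v);
    return v;
}

/* What an already-compiled filter reads as "arch" with prev_nr in the middle. */
uint32_t old_filter_arch_mid(void)
{
    struct sd_mid d;
    memset(&d, 0, sizeof d);
    d.nr = 1; d.prev_nr = SAMPLE_PREV; d.arch = SAMPLE_ARCH;
    return load_w(&d, ARCH_OFF_OLD);   /* lands on prev_nr, not arch */
}

/* Same filter, same offset, with prev_nr appended after args[6]. */
uint32_t old_filter_arch_end(void)
{
    struct sd_end d;
    memset(&d, 0, sizeof d);
    d.nr = 1; d.prev_nr = SAMPLE_PREV; d.arch = SAMPLE_ARCH;
    return load_w(&d, ARCH_OFF_OLD);   /* still lands on arch */
}

int main(void)
{
    printf("mid: old arch load reads 0x%x\n", (unsigned)old_filter_arch_mid());
    printf("end: old arch load reads 0x%x\n", (unsigned)old_filter_arch_end());
    return 0;
}
```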